GridNet2 Report
Mike Jones, The University of Manchester

This report covers the GridNet2 activities for Mike Jones, GridNet2 ID 138, for OGF 22.

Report of activities at OGF 22 – Cambridge, MA

The main purposes of my attendance at this OGF were to participate in Security Area Meetings, to attend the RUS and UR WGs and to attend the OGC Sessions.

Parallel sessions attended:
● Web 2.0 – Grids sessions
● RUS-WG
● OGSA-AuthZ WG
● Security Area Meeting
● Authz interoperation demos
● OGC-OGF Collaboration Workshops
● GSM-WG Sessions
● UR-WG
● CA-OPS – IGTF Workshops

RUS-WG:
Morris Riedel chaired the session and was happy to see that NGS was represented. Before the session started we discussed why the NGS had interest in this area, and it was well received that NGS is using RUS as a component of its accounting model. I believe that the group wish to maintain ties with the NGS to receive further feedback. During the session other RUS implementations were discussed: the Unicore6.1 implementation, the DGAS gLite Accounting System and the SGAS Globus incubator project; all should have a release at the end of February. They are aware of the JISC Accounting call and wish to form ties with any activity funded in that area. I gave a brief description of how the RUS was implemented within the NGS. There was further discussion regarding RUS, the GLUE schema and the CIM.

OGSA-AUTHZ-WG (and AuthZ Interoperation Demonstrations):
Some discussion about the architecture document and whether components needed to be restated in the profile documents. Just about ready to pass on the Attribute Exchange Profile to area directors. The XACML profile (now only 7 pages) is converging with that of EGEE/OGS's; it is, however, envisaged that they will not merge into one document due to time constraints on the latter. Worries about having two docs lead us to rely on a good public comment phase. The WS-Trust document has only one implementation so far: from David Chadwick's group.
There was a discussion about attribute and obligation standards; it might be difficult to reach consensus on this.

Security Area Meeting:
It was noted that there was no LoA RG meeting; activity has slowed down. I mentioned that the gap analysis draft was taken from the forge site due to the document not being to our Chair's preferred standard, and it was removed at her request. I discussed that there had been much work on revamping the document and that I would ask for the document to be put back on gridforge.

OGC-OGF:
The OGC Workshop consisted of three meetings. I attended to identify whether there were any crossovers between the SARoNGS project and security-related access control to OGC Web Service interfaces. There is an open-source community providing OGC interfaces called Deegree http://www.deegree.org with an official OGC reference implementation. There was some interesting discussion about adding Meta GeoData to XACML policies (gXACML?) for access control. There was discussion about the possible extension to OGSA-DAI to directly query OGC Web Services and WPS using OGSA-DAI as a toolkit. Worries about the performance of OGSA-DAI were raised and it was mentioned that later versions of the middleware had improved performance significantly. Interesting presentations from SEE-GEO, D-Grid and EDINA led to further discussion on the formation of a Virtual Organisation and further collaboration between these 2-3 groups and the NGS.

GSM-WG:
This group looks like it is becoming more standards oriented. However, it was noted that the SRM spec v2 was now out of date compared to all implementations and that anyone wishing to build an interoperable SRM had better engage the community, not read the developing spec. There was a large discussion about the meaning of 'space' and what 'space' meant; it seems that different implementations deal with space differently and so the behaviour cannot be predicted.

UR-WG:
This meeting was very poorly attended.
5 people: 2 chairs from this group, 2 chairs from other groups and myself. The group is looking for a new chair (from outside UK). UR is published but has many known shortcomings: not good for non-computational resources and unable to handle aggregate usage well. I pointed out that VO membership was missing and that NGS are having to add this into the resources extensions (where it seems this is the only extensible part of the UR v1). There is a survey: http://forge.ogf.org/short/ur-wg/survey. I assured the group that NGS would be feeding their experiences back through the survey. There was a brief overview of the JISC-funded Review of Grid Accounting & Usage report, at which point there was a good discussion between the attendees about how the Unicore and NGS systems worked. Future work on the UR v2 was then discussed. The level of complexity is worrying, but perhaps this is a requirement.

CAOPS-WG:
This was a complete day session. It started with presentations from a number of HSM vendors. Aladdin's rep (who manufacture the eToken) was questioned about the cost and openness of the drivers. He mentioned that there was a new driver released that unified the behaviour across Linux, Windows and Mac. There was some scepticism and it may only be the newer javacard versions of the eToken that behave consistently, not the Siemens version. Jens seemed to present all the rest of the talks, of which the one that provided the most provocation was on Robot Certificates, where a debate about naming was entered into: why must CN=Robot:... and this was due to the logging facilities. One further interesting discussion came from another talk: the opening of the IGTF OID space for proxy certificates to contain host information for debugging. I mentioned that this was a big missing part in the current Proxy certificate security model, and would partly address what to do if a machine in the field with valid proxy certificate and keys was compromised.